Single Sign On DNS Confusion

This question is answered
I have set up our Office 365 trial and am trying to get our Single Sign-on working. XXXX.domain.com is our ADFS service name. YYYY.domain.com is our ADFS proxy. When testing with the Exchange remote connectivity tool, it looks for the ADFS server at XXXX.domain.com, not the proxy. Where do I change this setting to have it look for the ADFS proxy?
Verified Answer
  • Hi, as Sean mentions, both the STS and the Proxy use the same SSL cert with the same subject name. The only difference is that DNS inside your network points to the STS and DNS outside points to the Proxy. You can see this in the second network picture at onlinehelp.microsoft.com/.../ff652539.aspx

    Thanks, Sam

All Replies
  • The ADFS service and Proxy name must match.  The way to configure which one is used is via DNS.  You would enter the IP address for the ADFS Service in your internal DNS and the IP Address for your ADFS proxy in the external/public DNS.

  • Hello Gpaitz,

    Is the information above useful?
    In addition, do you need further assistance on the issue?

    Best regards,
    Claud

  • My proxy is on the same server as another site which requires HTTPS so I have to use host headers to access the site.  Does this create issues by having the proxy respond to XXXX.domain.com at the same time as needing to communicate with the ADFS server at XXXX.domain.com?

  • Hello Gpaitz,

    Is your concern that the hosts file on the ADFS proxy server, which routes the client-initiated calls to the ADFS server, may cause the response to the external users to be sent mistakenly?

    If so, the ADFS proxy server can recognize both the client-initiated request that should be sent to the ADFS server and the response to the external clients.
    The response to external clients at the ADFS proxy server won’t be affected.

    If I have misunderstood your concern, please provide detailed information about it, such as a screenshot and a detailed example.

    Best regards,
    Claud   

  • Hello Gpaitz,

    I'm writing to follow up on my previous reply. If you need further assistance on this issue, please feel free to post back.

    Best regards,
    Claud
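
The layout the replies describe (one federation service name, internal DNS pointing at the STS, external DNS pointing at the proxy, and a hosts entry on the proxy that sends the same name to the STS) can be checked mechanically. The Python below is an added example, not code from any poster or from Microsoft; the name sts.example.test, the addresses, the hosts file contents and the helpers `parse_hosts` and `audit` are all constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the thread): placeholder name and addresses.
SERVICE_NAME = "sts.example.test"
STS_IP = "10.0.0.10"        # internal federation server (STS)
PROXY_IP = "203.0.113.20"   # public address of the federation proxy
INTERNAL_VIEW = {"sts.example.test": "10.0.0.10"}      # answers from internal DNS
EXTERNAL_VIEW = {"sts.example.test": "203.0.113.20"}   # answers from public DNS
PROXY_HOSTS_FILE = """\
# hosts file on the proxy server
127.0.0.1   localhost
10.0.0.10   sts.example.test   # federation server
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hosts(text):
    """Map each hostname in hosts-file text to its first listed address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            for name in fields[1:]:
                table.setdefault(name.lower(), fields[0])
    return table

def audit(name, sts_ip, proxy_ip, internal, external, hosts_text):
    """Return findings; an empty list means the split-DNS layout is consistent."""
    name, findings = name.lower(), []
    ext = external.get(name)
    if internal.get(name) != sts_ip:
        findings.append("internal DNS does not point the service name at the STS")
    if ext != proxy_ip:
        findings.append("external DNS does not point the service name at the proxy")
    if ext and any(ipaddress.ip_address(ext) in net for net in RFC1918):
        findings.append("external DNS publishes an RFC 1918 address")
    if parse_hosts(hosts_text).get(name) != sts_ip:
        findings.append("proxy hosts file does not map the service name to the STS")
    return findings

if __name__ == "__main__":
    for finding in audit(SERVICE_NAME, STS_IP, PROXY_IP, INTERNAL_VIEW,
                         EXTERNAL_VIEW, PROXY_HOSTS_FILE) or ["layout is consistent"]:
        print(finding)
```

In practice the two view dictionaries would be filled from lookups against an internal and a public resolver, and the hosts text read from the proxy server.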